Victims of bank transfer scams risk being left unprotected
Bank transfer scam victims risk being left unprotected from January after the industry failed to agree a plan to compensate people.
More than £1m a day is being lost to scams in which people are duped into authorising a payment to an account controlled by a criminal. The failure to agree a protection plan may make it more likely that the next government will step in.
In response to this growing crime, a voluntary code requiring banks to reimburse affected customers who meet the criteria took effect on 28 May 2019. But the funding arrangement that bails out some of the victims of this scam is due to end on 31 December. This relates to where the customer and their bank have done everything expected of them under the code - known as the "no blame scenario".
Last month the consumer body Which? warned that time was running out and, unless a solution was agreed soon, there was a risk of "a return to the dark days of blameless victims losing their life savings to this devastating crime". A proposal for banks to pay a small fee on some transfers to collectively fund a no-blame reimbursement pot was put forward by seven banks and building societies. A 2.9p levy would be applied to some faster types of payment.
But the payment body Pay.UK, which was tasked with making the final decision, has rejected this proposal after a consultation. It concluded that there was no industry consensus to finance a central fund to reimburse victims. The body said the lack of agreement among banks, building societies and other financial firms meant the proposal could not be implemented or enforced in practice, with the consultation feedback indicating "a number of unresolvable issues".
So from January it will be up to individual banks to decide whether they are going to reimburse victims. Fraudsters stole £616m from UK bank customers during the first six months of 2019, according to the banking group UK Finance. Of this total, £207m was lost to bank transfer scams - up 40% on the same period in 2018.
This type of scam
is officially known as authorised push payment fraud and includes cases where email accounts - either those of individuals or the companies or tradespeople they have employed - are hacked to trick consumers into sending large sums to criminal accounts. This month, a report from the Commons Treasury committee said the voluntary code should be made compulsory via legislation. However, they noted that this would not help previous victims of such frauds, and so banks should consider retrospectively reimbursing customers back to 2016.
Responding to Pay.UK's announcement, Which? said: "It's clear that a voluntary, industry-led approach to protecting scam victims is not enough. The next government must work with the regulator to make the code and reimbursement mandatory." The banking body UK Finance said it was disappointed that a way forward had not yet been agreed. However, Paul Horlock, Pay.UK's chief executive, said: "With or without a central pot, payment providers have always had, and will continue to have, the power to compensate individual consumers." Financial companies should be required by law to refund victims of bank transfer scams, and should consider reimbursing the many thousands defrauded since 2016, according to a report from MPs.
They also said retailers and other companies that suffer data breaches that lead to fraud should be forced to pick up the bill for the costs of reimbursing customers and issuing new bank cards. Another recommendation aimed at stemming the rising tide of financial crime is a mandatory 24hour delay on all first-time payments between bank accounts to try to outwit fraudsters.
The report from the Commons Treasury committee came after official data showed that scammers stole £616m from UK bank customers during the first six months of 2019. Of this total, £207.5m was lost after people were duped into authorising a payment to an account controlled by a criminal. This was up 40% on the figure for the same period in 2018.
This type of scam is officially known as authorised push payment (APP) fraud and includes cases where email accounts – either those of individuals or the companies or tradespeople they have employed – are hacked in order to trick consumers into sending large sums to criminal accounts.